Improper Authentication in nVidia products - CVE-2024-0130
Published: November 27, 2024
Vulnerability identifier: #VU100980
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-0130
CWE-ID: CWE-287
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: nVidia
Affected software:
UFM Enterprise GA
UFM Enterprise Appliance GA
UFM SDN Appliance GA
UFM CyberAI GA
UFM CyberAI LTS23
UFM Enterprise LTS23
UFM Enterprise Appliance LTS23
UFM SDN Appliance LTS23
UFM Enterprise GA
UFM Enterprise Appliance GA
UFM SDN Appliance GA
UFM CyberAI GA
UFM CyberAI LTS23
UFM Enterprise LTS23
UFM Enterprise Appliance LTS23
UFM SDN Appliance LTS23
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error when processing authentication requests. A remote attacker on the local network can bypass authentication process and gain unauthorized access to the application.
How to mitigate CVE-2024-0130
Install updates from vendor's website.